Apparently I'm studying CISSP

Devilsbane

My boss comes over today and sees my 70-293 book sitting on my desk and asks what I'm studying for now. (I like to read on lunch, and occasionally during the day if there is nothing else to do.)

He says "Aren't you studying for the CISSP" I reply with "No, its on my long list of things to do, but it is still quite a ways out there." At this he gets an oops look on his face and informs me that he was telling another manager about the guy that he has who is studying CISSP and she expressed interested.

Mostly I'm saying this because it makes me chuckle. But do you guys think this will 1) hurt me because now he has an expectation that I'm working on CISSP. 2) Benefit me that this other manager might take interest into what I am really studying. Or door number 3, mean nothing?

earweed

Or door number 4 move the CISSP up on your "to do" list.
If it might help you to advance where you're at then it may not be a bad thing to look into. I know that getting your MCSE may seem like the most important thing in the world to you but if it means advancing then you could always shift gears a little.

Devilsbane

earweed wrote: »

Or door number 4 move the CISSP up on your "to do" list.
If it might help you to advance where you're at then it may not be a bad thing to look into. I know that getting your MCSE may seem like the most important thing in the world to you but if it means advancing then you could always shift gears a little.

I was considering some precursors to the CISSP next year. But I think it would be silly to really start studying for it right now. But what if I was to buy a book for light reading? Then I can ease the pain for when I do take the studying head on, and can also confirm that it is in progress lol.

earweed

And then your manager can brag about you studying for the CISSP..lol

motogpman

Devil, we need more input....need more input. Was he hinting at providing you training material and such or just saying it to possibly coo the other manager?

The reason I am asking is that after taking and failing the 293 2 times, passing on the 3rd attempt, it made me really start to wonder if I am losing steam on the MCSE and the CISSP is also on my long term list of goals.

Not sure if it's just me, but I at times feel like information overload in just working on MS stuff all the time now. Hell the last time I sat 293 I thought for sure I had faiiled it because some of the quesions were just plain stupid (wording of what they were asking was on par with some of the Comptia questions).

I would say that if he is willing to help you, you may want to pursue it and you never know, it may help you in the long run. With the economy the way it is right now, employers are not handing out "bones" like they used to, so maybe it was a subtle hint.

RobertKaucher

OMFG!!! If there is one thing that I preach it is make a plan and at least stick to the general strategic vision. 4 exams from the MCSE: Security? And you are considering adding something into the mix that may cause you to break focus? FINISH THIS DANG MCSE:S IN 4 MONTHS! Then buy all the flippin' CISSP books you want.

I am seriously throwing down a challenge. 4 tests in 4 months. Do it!

[Deleted User]

Haha +1 Rob. I know a lot of us think the same way here.. we are always thinking about whats next and have a hard time focusing on what is presently in front of us. Atleast that is the case for me. Heed the advice of Rob, finish out your MCSE and then move forward with the CISSP. This is something that I found very interesting and I think it pretty true..

Derek Sivers: Keep your goals to yourself | Video on TED.com

Maybe it applies, maybe it doesn't but it's food for thought.

veritas_libertas

I would have to agree with RK. Finish the MCSE:Security quick and then go on to the CISSP.

RobertKaucher

I honestly don't even know if Devilsbane was going for the Security specialization. But I can only imagine so if he is also looking at the CISSP. But I still think it's a good challenge.

@Devilsbane: the 299 and 298 are basically the same test from different perspectives. If you are serious about it, you can do it in that time frame.

N2IT

Devilsbane wrote: »

My boss comes over today and sees my 70-293 book sitting on my desk and asks what I'm studying for now. (I like to read on lunch, and occasionally during the day if there is nothing else to do.)

He says "Aren't you studying for the CISSP" I reply with "No, its on my long list of things to do, but it is still quite a ways out there." At this he gets an oops look on his face and informs me that he was telling another manager about the guy that he has who is studying CISSP and she expressed interested.

Mostly I'm saying this because it makes me chuckle. But do you guys think this will 1) hurt me because now he has an expectation that I'm working on CISSP. 2) Benefit me that this other manager might take interest into what I am really studying. Or door number 3, mean nothing?

Bane if you have a chance to study and pass that exam I would do it. IMO and thatt's all it is my opinion, I would put all your studies on hold and get your CISSP. That's just my two cents.

BTW I'm excited for you, I hope you go through with it and pass it.

RobertKaucher

N2IT wrote: »

Bane if you have a chance to study and pass that exam I would do it. IMO and thatt's all it is my opinion, I would put all your studies on hold and get your CISSP. That's just my two cents.

BTW I'm excited for you, I hope you go through with it and pass it.

How exactly is he going to do that? It is not just a simple test that you take. There are other requirements and he would need experience and, I believe, a sponsor. 4 months. Finish the MCSE Security. Then move on to the CISSP. JMO, but I do not see what value the Associate of ISC designation is going to give you right now. An MCSE: Security would offer much more tangible benifits that will build to achieving the full CISSP cert.

Do not do the start, stop and never finish.

Devilsbane

RobertKaucher wrote: »

I honestly don't even know if Devilsbane was going for the Security specialization. But I can only imagine so if he is also looking at the CISSP. But I still think it's a good challenge.

@Devilsbane: the 299 and 298 are basically the same test from different perspectives. If you are serious about it, you can do it in that time frame.

Yes, thats the plan. And the goal is for about 4 tests in 4 months. 4-5 weeks for the 293 and 294, and then to spend 5 or 6 working on both the 298 and 299 and then to take the 298 one week and the 299 the next week. I have all of the books for all 4 tests, transcenders for the 293 and 294, and a CBT nuggets subscription.

I will definitely be finishing the MCSE, but I am concerned with where I will be next year and I'm trying to get an idea of what I would like to accomplish. I'm pretty sure that the CISSP won't even be on next years list. CISA, CISM, and C|EH are potential candidates though. I'm trying to do research now to see how to make them a part of my schedule and to see how they can fit in.

Thanks for the advice!

N2IT

RobertKaucher wrote: »

How exactly is he going to do that? It is not just a simple test that you take. There are other requirements and he would need experience and, I believe, a sponsor. 4 months. Finish the MCSE Security. Then move on to the CISSP. JMO, but I do not see what value the Associate of ISC designation is going to give you right now. An MCSE: Security would offer much more tangible benifits that will build to achieving the full CISSP cert.

Do not do the start, stop and never finish.

I respectfully disagree.

The value of your boss requesting you to start studying doesn't mean much? Huh?

Secondly, making a blanket statement about "Do not do the start, stop and never finish". is naive. Baseline thinking/evaluation is very common with motivational speakers and successful orators. There is always more than one way to skin a cat, and if Bane's boss wants him to do something that could move him ahead, Bane would be foolish not to at the very least hear him out. The whole point of certifications is to learn and to advance. If your boss is nodding and winking saying hey " Get this certification, because good things will happen with you in this company". or " The chance of you moving up into a role we want to groom you for is very good". You better darn well stop the MCSE and go with what has hi ROI. There is no higher ROI than a guarnteed promotion if you get a certification. And as far as the criteria for the certification, that could be introduced while he is studying. People always expedite certifications when presented a situation like this. My old supervisor was ramped up on SCM SAP 3 weeks before he officially took the job.


With all that said I don't know his specific situation that's why I threw out some examples.

earweed

Just my opinion but if one of his managers happens to be someone who could sponsor DB and see to it that he can get the experience then he could just START the study on the side now while still getting that MCSE and immediately (after maybe a week or 3 off) dive in head first.
Basicaly find out what that manager (or any manager where you work) can do for you. You may just be finding your connection you need to get into security.

nel

RobertKaucher wrote: »

OMFG!!! If there is one thing that I preach it is make a plan and at least stick to the general strategic vision. 4 exams from the MCSE: Security? And you are considering adding something into the mix that may cause you to break focus? FINISH THIS DANG MCSE:S IN 4 MONTHS! Then buy all the flippin' CISSP books you want.

I am seriously throwing down a challenge. 4 tests in 4 months. Do it!

haha nicely done.

i agree, finish the mcse track. i made that mistake and stopped at SA 2k3. wish i just finished the lot but nevermind, i never work with the stuff now!

Pick up a CISSP book in the meantime just to get some overview and what to expect. but get down and dirty once you've finished the mcse. CISSP is a good thing to have for sure, whether it fits in with your short term goals is upto you. Do whats best for you i say.

UnixGuy

You have the power to make it mean nothing...just pretend that the conversation between you and your boss didn't happen. Totally ignore it.

They will forget about it sooner or later...I agree with Robert, it's your career. Plan and stick to your plan.

RobertKaucher

N2IT wrote: »

I respectfully disagree.

The value of your boss requesting you to start studying doesn't mean much? Huh?

Secondly, making a blanket statement about "Do not do the start, stop and never finish". is naive. Baseline thinking/evaluation is very common with motivational speakers and successful orators. There is always more than one way to skin a cat, and if Bane's boss wants him to do something that could move him ahead, Bane would be foolish not to at the very least hear him out. The whole point of certifications is to learn and to advance. If your boss is nodding and winking saying hey " Get this certification, because good things will happen with you in this company". or " The chance of you moving up into a role we want to groom you for is very good". You better darn well stop the MCSE and go with what has hi ROI. There is no higher ROI than a guarnteed promotion if you get a certification. And as far as the criteria for the certification, that could be introduced while he is studying. People always expedite certifications when presented a situation like this. My old supervisor was ramped up on SCM SAP 3 weeks before he officially took the job.


With all that said I don't know his specific situation that's why I threw out some examples.

I would agree with you if that was what the boss actually said. You are reading a lot into the conversation. Also, be aware that I am not saying skip the CISSP, I'm just saying finish the MCSE first because it is low hanging fruit. He already has the books, he has the practice tests, even if he passed the CISSP exam tomorrow, he would not be elidgible to hold the certification.

N2IT wrote: »

Secondly, making a blanket statement about "Do not do the start, stop and never finish". is naive. Baseline thinking/evaluation is very common with motivational speakers and successful orators. There is always more than one way to skin a cat, and if Bane's boss wants him to do something that could move him ahead, Bane would be foolish not to at the very least hear him out. The whole point of certifications is to learn and to advance. If your boss is nodding and winking saying hey " Get this certification, because good things will happen with you in this company". or " The chance of you moving up into a role we want to groom you for is very good". You better darn well stop the MCSE and go with what has hi ROI. There is no higher ROI than a guarnteed promotion if you get a certification.

I take issue with your characterisation of my thought process. Had his boss actually said any of those things or guaranteed him a promotion based, not on obtaining the CISSP, but on simply passing the exam, then I would agree. But your reasoning is based on the fallacious asssumption that there is any promotion at all.

My concern about the start, stop and never finish is not based on any self-help phisolophy, either. It is based on 7 years of watching people not obtain their goals because they get taken off course. Look at this forum. How many people have you seen who want to obtain their MCSE in X amount of time and then just *poof* evaporate into nothing or change their user names to something in 1337 so we get confused about who they are (just kidding KWM, but you are a prime target of my topic here).

Again, I state: you do not just pass the exam and then get the CISSP.

Certified Information Systems Security Professional - Wikipedia, the free encyclopedia

5 years *direct* experience in a info sec related field and a sponsor are just two of the requirements in addition to passing the exam. The MCSE Security is far more attainable and could mark the beginning of the 5-year experience requirement based on how it is leveraged.

In summary there is one thing we agree on: If the boss is aware of the CISSP requirements and he asks that the CISSP exam be taken soon, then do it.

What I disagree with you on is the supposed ROI on a certification for which Devilsbane is not even elidgible to obtain.

Bl8ckr0uter

RobertKaucher wrote: »

My concern about the start, stop and never finish is not based on any self-help phisolophy, either. It is based on 7 years of watching people not obtain their goals because they get taken off course. Look at this forum. How many people have you seen who want to obtain their MCSE in X amount of time and then just *poof* evaporate into nothing or change their user names to something in 1337 so we get confused about who they are (just kidding KWM, but you are a prime target of my topic here).

Another nut shot huh? My test is booked give me a break...

In Devils case, I think the CISSP would be a distraction. I think he should focus on the MCSE:S since he is relatively close and then go from there. Also the CISSP is not a short order anyway. Plus since he doesn't have enough infosec experience (he could pass the test, but he would be an associate of CISSP, which IMO would be worth less than a "real" MCSE:Security) anyway it seems pointless for him to change focus.

If anything this could be a jumping off point for him to talk to the other manager and possible move into an infosec role. His boss just made a mistake. If the guy said "You should get the CISSP (or associate)" that would be different.

erpadmin

RobertKaucher wrote: »

My concern about the start, stop and never finish is not based on any self-help phisolophy, either. It is based on 7 years of watching people not obtain their goals because they get taken off course. Look at this forum. How many people have you seen who want to obtain their MCSE in X amount of time and then just *poof* evaporate into nothing or change their user names to something in 1337 so we get confused about who they are (just kidding KWM, but you are a prime target of my topic here).

I can now chime in, especially when I not only agreed with this, but repped this as well. Especially that "l337" bit...though I believe when the guy says he's going to take his exam on 10/12 once and for all.

Devilsbane at least thought stopping his studies would give him a promotion down the road. HOWEVER, as Robert said, it would be a mistake for you (DB) to drop your MCSE studies and jump into CISSP. CISSP is a very involved exam and there are critieria you have to do before you can even take the exam. Since you already started that track, you might as well finish it so you can move on to the next thing (and perhaps it is CISSP). (And this doesn't change my opinion on whether the MCSE or MCITP:EA should done, either....since you started MCSE, might as well complete it. ).

However, if the CISSP was something you never wanted to do but are only doing it because hey, someone with a boss title wants you to do it, and it was never in your personal career track, then you need to weigh that and carefully. The CISSP is not a joke (the prep and the exam) and should not be taken lightly.

So I wouldn't worry too much about that conversation, just stay focused on what you are doing and how you are going to get there.

tbgree00

I have to throw my hat into the MCSE ring. I realize you weren't seriously considering stopping your studies and you have spent the money on finishing this. If it was more than a way to make relevant small talk I think talking to the boss would be a good step. Let him know you bought this stuff and would appreciate finishing it. It really impresses a good supervisor to have a worker who funds his own learning and keeps it up.

I have been presented a similar situation. One of my friends is a higher up in a public service company. We talked about my job and he gave me the "If you took the education and certs you have now and added [a very specific masters program] then you would be set for life. I would hire you and I don't even have a job opening." That caused me to reconsider my goals since the master program was interesting but I doubt I'll move that way.

earweed

I'll have to say here that I also agree with Robert about staying the track for now. If that other manager were to tell him today "I can sponsor you and get you into security tomorrow if you start studying for the CISSP" then my opinion would be different and I'd say put the MCSE on hold (or study both) and pick up some CISSP study material and start today. Since that hasn't happened then stay the course.
But about what his manager said DB could just occasionally bring in some CISSP related material to read over to let the manager know that he is indeed planning on eventually studying for and getting the CISSP. Who knows, by the time DB gets around to actually studying for the CISSP he may be able to challenge that he does have the experience and may be able to find a sponsor.

RobertKaucher

Bl8ckr0uter wrote: »

Another nut shot huh? My test is booked give me a break...

Don't forget I posted my goals as well! So I expect the same from you when I start skipping my milestones. And I know I will. I'm getting very lazy about certs.

Devilsbane

Just to clarify, I have never intended to stop my MCSE studies. I've worked damn hard and it would be ridiculous to stop just short of the finish line. I also don't think I am anywhere near ready to take on the CISSP, and even if I did invest the time and money into getting it, I still am about 4 years shy of actually getting it (experience req). CISA or CISM could be in my future next year to give a firm ground and possibly lead me into a job to get those 4 years.

But we will just have to see what happens. A lot could change in the next 6 months to 4 years. "If you want to make God laugh, make a plan." That doesn't mean I don't try, it means that I am understanding to how things might change. My inital plan was to stop at MCSA and then move to MCITP. Once I got it I thought, what the heck, lets see MCSE. Now I'm thinking take the extra 299 and get MCSE:S.

Bl8ckr0uter

RobertKaucher wrote: »

Don't forget I posted my goals as well! So I expect the same from you when I start skipping my milestones. And I know I will. I'm getting very lazy about certs.

lol! Yea I would post mine but I'm scared of being shunned.

N2IT

RobertKaucher wrote: »

I would agree with you if that was what the boss actually said. You are reading a lot into the conversation. Also, be aware that I am not saying skip the CISSP, I'm just saying finish the MCSE first because it is low hanging fruit. He already has the books, he has the practice tests, even if he passed the CISSP exam tomorrow, he would not be elidgible to hold the certification.

How do you know he is not eligible? I haven't seen any information indicating one way or another. Maybe you know more about his personal life and achievements than I. I thought since his boss was directly making a comment at him, he would of known the requirements.


I take issue with your characterisation of my thought process. Had his boss actually said any of those things or guaranteed him a promotion based, not on obtaining the CISSP, but on simply passing the exam, then I would agree. But your reasoning is based on the fallacious asssumption that there is any promotion at all.

It's called reading between the lines. If your boss comes up to you and mentions something to you, USUALLY, they are trying to imply something, at least that is my experience. You wern't there either was I, it's a matter of OPINION.

My concern about the start, stop and never finish is not based on any self-help phisolophy, either. It is based on 7 years of watching people not obtain their goals because they get taken off course. Look at this forum. How many people have you seen who want to obtain their MCSE in X amount of time and then just *poof* evaporate into nothing or change their user names to something in 1337 so we get confused about who they are (just kidding KWM, but you are a prime target of my topic here).

Where I have a problem with the Start, Stop, and Never finish theory is that we all have had regrets. I am one of them, I have a hosptiality degree, by your theory I was correct in finishing, however in my I wasn't. I now wish I would of changed to Business or IT. I did use your theory and ever since I haven't been happy with the outcome. Again baseline thinking, in my opinion is a much more progress way of thinking and provides a much better ROI. I personally thinking locking into one target and never swaying is silly, again this is just me.

Again, I state: you do not just pass the exam and then get the CISSP.

Certified Information Systems Security Professional - Wikipedia, the free encyclopedia

5 years *direct* experience in a info sec related field and a sponsor are just two of the requirements in addition to passing the exam. The MCSE Security is far more attainable and could mark the beginning of the 5-year experience requirement based on how it is leveraged.

I've been in business for almost 15 years and IT over 5. I find this comment patronizing, but I won't take it personal. DB never claimed he had or didn't have the experience. I assumed he did you assumed he didn't.

In summary there is one thing we agree on: If the boss is aware of the CISSP requirements and he asks that the CISSP exam be taken soon, then do it.

What I disagree with you on is the supposed ROI on a certification for which Devilsbane is not even elidgible to obtain.

Again there was never one mention of security experience in the original post.

motogpman

LOL, that's why I posted that we need more info. The actual conversation that took place between DB and his manager, his work environment, personal short/long term goals ( or other's attempt at motivating him, LOL), and what it takes to finish are all relevant.

I think everyone can agree that finishing the MCSE:Sec is the MAIN goal for him at this point. If his manager is willing to help him in getting the other cert or turns it into an "objective" for his position, or even possible contractual agreement, than he should NOT deviate from getting the MCSE:Sec and explain to his manager what he is currently working on and working towards. Otherwise he may have no choice.

Everyone's situation is different and like talking/posting on the internet, we aren't in his shoes to know exactly what he should do other than trying to give him encouragement and advice, something that TE members are excellent at doing.

Either way DB, keep at it and I am sure everything will work out for the best.

RobertKaucher

@N2IT, First off I want to say I'm having fun with this discussion. I'm not getting angry or anything.

Second, I think you misunderstand my suggestion. I'm not saying lock in and never change. I'm saying only change with good reason.

I assumed he did you assumed he didn't.

I am actually not assuming anything about his work experience. We have corresponded regarding it in other threads. It is a sad comment on my social life, but my wife knows at least 3 of the members of TE by name because I talk about it so much.

It's called reading between the lines. If your boss comes up to you and mentions something to you, USUALLY, they are trying to imply something, at least that is my experience. You wern't there either was I, it's a matter of OPINION.

Agreed. But before I allowed it to influence my path I would know his expectations for sure. My opinion was based on the little knowledge I have about his work experience. My immediate thought was this was a comment from his boss that did not mean much more than what was said.

In fact, I would be concerned that Devilbane's boss might not even understand the requirements!

Aslo, I hope you know that when I get in a discussion like this I am not attacking you, but I will attack your ideas as I see fit and expect nothing less from you concerning my opinions. And if I am forced to conclude you are correct and I am wrong, I will fold like a house of cards.

N2IT

RobertKaucher wrote: »

@N2IT, First off I want to say I'm having fun with this discussion. I'm not getting angry or anything.

Second, I think you misunderstand my suggestion. I'm not saying lock in and never change. I'm saying only change with good reason.



I am actually not assuming anything about his work experience. We have corresponded regarding it in other threads. It is a sad comment on my social life, but my wife knows at least 3 of the members of TE by name because I talk about it so much.



Agreed. But before I allowed it to influence my path I would know his expectations for sure. My opinion was based on the little knowledge I have about his work experience. My immediate thought was this was a comment from his boss that did not mean much more than what was said.

In fact, I would be concerned that Devilbane's boss might not even understand the requirements!

Aslo, I hope you know that when I get in a discussion like this I am not attacking you, but I will attack your ideas as I see fit and expect nothing less from you concerning my opinions. And if I am forced to conclude you are correct and I am wrong, I will fold like a house of cards.

All good nothing personal.

I wish him, you and everyone else on here well in their IT journey.